Getting root turned out to be easier than getting user - the answer was right in front me, but I've thought it is wrong. Also got to experiment with some ruby scripts, thanks for the machine!
Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can't decrypt the type 5 hash and I can't authenticate myself on smb using this findings.
Type your comment> @MrB33n said:
> Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can't decrypt the type 5 hash and I can't authenticate myself on smb using this findings.
The passes are right, Search for more users in Port 80
Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can't decrypt the type 5 hash and I can't authenticate myself on smb using this findings.
The passes are right, Search for more users in Port 80
I tried H***** too sorry... I think I haven't cracked the good type 5 hash... Thkz
I was just turning it off. Because there was still so much information with grep . But when I looked at the top line and saw the password. thanks for helping from user to root |@meangreen)
@mrb33n , the issue is likely not the wordlist...try googling for methods to decrypt that type of password. When you find something that you might not have tried before, go back and use it with your old wordlists. Also, to make things go quicker, look back at the c****g and see if there's any criteria that you can use to remove passwords of a certain size range from your list.
Root taken.
For root, make sure, you dump all you want, else you will "learn" the hard way the use of flags, and why you should read the the help, before use. Props to @MinatoTW for this amazing box, and learning experience
I"m certain i have the correct user password but I cant get PS to work (access denied)? I'd love to PM someone and show them the command I am using....
from impacket i use l**k***d.py i get many user
i get cred C***e:Q********d
but i can't use this cred no where
i try the other winrm auxiliere and exploit with this cred it don't work it say wrong cred ...
and i can't import exploit from exploit-db to metasploit i don't know why ?
okay. I have no idea what I'm doing wrong. haven't even got user.
I've looked around the box. cracked two easy hashes, but cant get the third. been running hashcat for hours and i feel like im doing everything wrong. (90,000 R U, and 35,000 via a custom R U list with only long passwords)
everything i've read here is not helping with this particular box.
can someone DM/PM me with tips.
thanks
EDIT: thanks to @mikensen for correcting my hashcat syntax
I spent a lot of time trying to get this to work with native P****S**** or Metasploit. The trick for me was to use E-W****. If any one know why this worked with E-W**** and not native P****S**** or Metasploit, please MSG me so we can chat.
Comments
thanks @meangreen for your help on this! not sure why one method worked over the other...but it did!
Got Root!.. Thank you @bertalting .... Check those processes...
Getting root turned out to be easier than getting user - the answer was right in front me, but I've thought it is wrong. Also got to experiment with some ruby scripts, thanks for the machine!
Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can't decrypt the type 5 hash and I can't authenticate myself on smb using this findings.
> Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can't decrypt the type 5 hash and I can't authenticate myself on smb using this findings.
The passes are right, Search for more users in Port 80
Can anyone help with Heist? From where to begin, any hints, walkthrough would be helpful.
Please contact me via telegram - @CarlosLiu
Type your comment> @bertalting said:
I tried H***** too sorry... I think I haven't cracked the good type 5 hash... Thkz
I'm getting the following error when running the evil script, tried all combinations or user/pass... any help anyone?
"Error: Can't establish connection. Check connection params
Error: Exiting with code 1"
I was just turning it off. Because there was still so much information with grep . But when I looked at the top line and saw the password. thanks for helping from user to root |@meangreen
)
So i'm on the last stages of rooting, I've got what I think the final username and password however where do I use these?
hopefully not giving anything away here but I can log in to the webpage
Type your comment> @jstnlmb2008 said:
Sorry, stupid question now rooted whoop whoop
I keep getting "access denied" when I try to look at running processes...
Type your comment> @zms200 said:
Powershell is your friend...
What tool can I use to crack the type 5 password plz ? I tried all my dictionnaries with hashcat and John but it' s not enough...
@mrb33n , the issue is likely not the wordlist...try googling for methods to decrypt that type of password. When you find something that you might not have tried before, go back and use it with your old wordlists. Also, to make things go quicker, look back at the c****g and see if there's any criteria that you can use to remove passwords of a certain size range from your list.
are you saying that permissions for that user on the machine are different when using powershell as opposed to the regular cmd shell?
Type your comment> @zms200 said:
well I just tried it, and it apparently works...thanks!!!
...aaannnddd rooted!!!
@zms200 Thanks you ! I found thanks to hashcat and a new wordlist but I see what you meant.
Now, I use it everywhere but it don't work ^^.
Type your comment> @MrB33n said:
Try some mixing and matching
Root taken.
For root, make sure, you dump all you want, else you will "learn" the hard way the use of flags, and why you should read the the help, before use. Props to @MinatoTW for this amazing box, and learning experience
I"m certain i have the correct user password but I cant get PS to work (access denied)? I'd love to PM someone and show them the command I am using....
Got root.
This is my first box from live machines. Thank you all for hints and thank you @MinatoTW .
got cracked 3 passwords, 2 users, but dunno what have to do next.. can someone pm me how to continue?
from impacket i use l**k***d.py i get many user
i get cred C***e:Q********d
but i can't use this cred no where
i try the other winrm auxiliere and exploit with this cred it don't work it say wrong cred ...
and i can't import exploit from exploit-db to metasploit i don't know why ?
https://www.hackthebox.eu/home/users/profile/109272
> got cracked 3 passwords, 2 users, but dunno what have to do next.. can someone pm me how to continue?
you probably missing 1 user... try and mix
is H****d my missing user? i cant find any impacket tool to use. too many asterix on that python file
okay. I have no idea what I'm doing wrong. haven't even got user.
I've looked around the box. cracked two easy hashes, but cant get the third. been running hashcat for hours and i feel like im doing everything wrong. (90,000 R U, and 35,000 via a custom R U list with only long passwords)
everything i've read here is not helping with this particular box.
can someone DM/PM me with tips.
thanks
EDIT: thanks to @mikensen for correcting my hashcat syntax
How to crack cisco secret 5 hash please PM! Gracias.
I spent a lot of time trying to get this to work with native P****S**** or Metasploit. The trick for me was to use E-W****. If any one know why this worked with E-W**** and not native P****S**** or Metasploit, please MSG me so we can chat.